Previous studies have demonstrated that false commands can cause severe damage to large-scale cyber-physical systems (CPSs). We focus on a kind of threat called false sequential command attack, with which attackers can generate false sequential commands, resulting in the illegal control of the physical process. We present a feasible attack model. Attackers delay the disaggregation of former commands by manipulating maliciously sub-controllers. Simultaneously, bad feedback data is injected to defeat the controller to issue latter commands. Thus, false command sequence is executed and the disruption of physical process can be obtained. It is also difficult for the detector to identify such attacks as injecting bad data. We also discuss other possible attack paths and analyze the corresponding disadvantages. Compared with other paths, the proposed model is more feasible and has more difficulties to be detected. A case study is given to validate the feasibility and effectiveness of proposed false sequential command attack model. Finally, we discuss the possible countermeasure.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited